<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
	if(isset($_POST['Submit']))
	{
		$errors=array();
		$required=array("TenThanhVien","MatKhau");
		foreach($required as $fieldname)
		{
			if(!isset($_POST[$fieldname])|| empty($_POST[$fieldname]))
			{
				$errors[]="<strong>$fieldname</strong> không được để trống!";
			}
		}//End foreach
		
		if(empty($errors))
		{
			include_once "../connection.php";
			$TenThanhVien=mysql_real_escape_string($_POST['TenThanhVien']);
			$MatKhau=mysql_real_escape_string($_POST['MatKhau']);
			$sha_pw=md5($MatKhau);
			
			$query="Select * from thanhvien where TenThanhVien='".$TenThanhVien."' and MatKhau='".$sha_pw."'";
			
			$result=mysql_query($query);
			
			if(mysql_num_rows($result) == 0)
			{
				$errors[]="Tài khoản hoặc password không trùng khớp";
			}
			else{
				while($rows = mysql_fetch_array($result))
				{				
					$_SESSION['name']=$rows['TenThanhVien'];
					$_SESSION['Level']=$rows['QuyenTruyCap'];
					
					if($_SESSION['Level'] == 2)
					{
						header("location:../MyModel/TrangChu.php");
					}
					else if($_SESSION['Level'] == 1)
					{
						header("location:../MyModel/Admin.php");
					}
				}//End while
				
			}
		}//End empty[errors]
		
		
	}//End isset[submit]
?>
<?php
	if(!empty($errors))
	{
		echo"<ul>";
		foreach($errors as $error)
		{
			echo"<li>$error</li>";
		}
		echo"</ul>";
	}
?>
</body>
</html>